25,160 questions
ServiceNow to Azure AD User & Group Provisioning Issues not properly maintaining group memberships
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 90%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEG%3C/text%3E%3C/svg%3E)
Eric Gauthier
10
Reputation points
We are having issues with our ServiceNow to Azure AD Integration. In particular, the current issue that we are experiencing is with Provisioning of Groups, and Group Memberships. It does not seem that when users are added (or removed) that the group memberships are keeping synced in ServiceNow with what is in Azure AD. This is problematic for us as we use these groups for access and notifications etc.
We would think with ServiceNow & Microsoft's partnership, these integrations would be very well documented. Maybe they are, and I am just not finding the correct documentation.
Example: one of our groups in Azure AD and in ServiceNow. I got a call today as someone did not have access to an Application. When I went into Azure AD, she is listed as a member of the Group. When I look at the group in ServiceNow, she is not.
So when this happens, what we will usually do (Not sure if this is best practice or not) is to do a Provision on Demand in Azure AD to see if it will sync and bring the members over. However, when you just sync the group, it only brings over the group, and no members. If you select members (and can only select up to 5 when provisioning on demand) we are getting an error. "Provision on demand. This required credential was not provided: BaseAddress". What credential is it asking for, and where do you provide this?
We need to find out why the syncs are not working properly. Is that the way to manually sync group members to a group?
Are there any best practices or doc on this integration to review and make sure we are configured correctly? This has been very time-consuming for us trying to troubleshoot and fix. LDAP was very accurate and worked! Would appreciate any assistance we could get as we have a case open with SN & Microsoft as well, but we have not heard back from them yet.
Thanks,
-Eric
Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 74%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDC%3C/text%3E%3C/svg%3E)
David Côté-Ouellette 5 Reputation points2023-06-14T19:54:55.6866667+00:00 I have the same issue and would like to see if you find any answer. Thanks
-
Dillon Silzer 57,831 Reputation points Volunteer Moderator2023-06-14T21:38:21.2866667+00:00 - Have you checked the Provision Logs on the Enterprise Application? More details can be provided in what attributes are being sent via SCIM.
- Do these specific groups have Azure AD admins/M365 Admins?
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 99%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Manjir Sen 0 Reputation points2024-08-09T21:09:29.6533333+00:00 Same issue users are not added to removed from group memberships if there occurs no change on the user profile or it is not a new user upon which the membership is changed.
Sign in to comment
Sign in to answer